Or
Select Configure>Security Services>IPS>Sensor in the J-Web user interface.
The Sensor configuration page appears. Table 231 explains the contents of this page.
Note: Starting in Junos OS Release 19.2R1, you can configure the IPS sensor in three sections: Basic Settings, Advanced Settings, and Detectors.
Add or +—Adds the detector configuration. Enter information as specified in Table 231.
Edit or /—Updates the existing detector configuration.
Delete or X—Deletes the existing detector configuration.
OK—Saves the configuration and returns to the main configuration page.
Commit Options>Commit—Commits the configuration and returns to the main configuration page.
Cancel—Cancels your entries and returns to the main configuration page.
Save—Saves all the configuration.
Note: For all configuration options, the tooltip on the right side shows different icons for notifications, validation errors, and successful configuration.
Commit Options>Commit—Commits the configuration and returns to the main configuration page.
Cancel—Cancels all the configuration changes you made.
Table 231: Configuring IDP Sensor Configuration Page
Field | Function | Action |
---|---|---|
Basic Settings | Select to configure basic IPS sensor settings. | |
IDP Protection Mode | ||
Protection Mode | Specifies the inspection parameters for efficient inspection of traffic in the device. The options available are: | Select an option from the list. |
Intelligent Inspection | ||
IDP By Pass | Provides flexibility to bypass IDP or to drop the packets when the system CPU utilization reaches a high level. | Enable or disable the IDP Intelligent Bypass option. |
IDP By Pass CPU Threshold | Specifies the CPU utilization threshold. When CPU utilization reaches this value, IDP stops inspecting new sessions. | Enter the threshold value. Range: 0 through 99. Default value: 85. |
IDP By Pass CPU Tolerance | Specifies the CPU tolerance value. | Enter the CPU tolerance value. Range: 1 through 99. Default value: 5. |
Intelligent Inspection | Minimizes IDP processing during system overload. | Enable or disable this option. If you enable this option, enter the following details: |
Memory Lower Threshold | Specifies the memory lower threshold limit percentage. | Enter the memory lower threshold limit percentage. Range: 1 through 100. |
Memory Upper Threshold | Specifies the memory upper threshold limit percentage. | Enter the memory upper threshold limit percentage. Range: 1 through 100. |
Flow | ||
Drop On Limit | Specifies whether connections are dropped when resource limits are exceeded. | Enable or disable this option. |
Drop On Failover | Specifies whether traffic on HA failover sessions is dropped. | Enable or disable this option. |
Drop If No Policy Loaded | Specifies whether all traffic is dropped until the IDP policy is loaded. | Enable or disable this option. |
Packet Log (Note: Starting in Junos OS Release 19.2R1, Packet Log configuration is available.) | ||
IP Address | Specifies the destination host to send packet log. | Enter the IP address of the destination host. |
Port | Specifies the UDP port number. | Enter the UDP port number. Range: 0-65535. |
Source Address | Specifies the source IP address used to transport packet log to a host. | Enter the source IP address. |
Advanced Settings | Select to configure advanced IPS sensor settings. | |
IDP Flow | ||
Log Errors | Specifies if the flow errors have to be logged. | Select an option from the list. |
Flow FIFO Max Size | Specifies the maximum FIFO size. | Enter a value. Range: 1 through 65535. Default value is 1. |
Hash Table Size | Specifies the hash table size. | Enter a value. Range: 1024 through 1,000,000. Default value is 1024. |
Max Timers Poll Ticks | Specifies the maximum amount of time at which the timer ticks at a regular interval. | Enter a value. Range: 0 through 1000 ticks. Default value is 1000 ticks. |
Reject Timeout | Specifies the amount of time in milliseconds within which a response must be received. | Enter a value. Range: 1 through 65,535 seconds. Default value is 300 seconds. |
Global | ||
Enable All Qmodules | Specifies if all the qmodules of the global rulebase IDP security policy are enabled. | Select an option from the list. |
Enable Packet Pool | Specifies if the packet pool is enabled to be used when the current pool is exhausted. | Select an option from the list. |
Policy Lookup Cache | Specifies if the cache is enabled to accelerate IDP policy lookup. | Select an option from the list. |
Memory Limit Percent | Specifies to limit IDP memory usage at this percent of available memory. | Enter a value. Range: 10 through 90 percent. |
IPS | ||
Detect Shellcode | Specifies if shellcode detection has to be applied. | Select an option from the list. |
Ignore Regular Expression | Specifies if the sensor has to bypass DFA and PCRE matching. | Select an option from the list. |
Process Ignore Server-to-Client | Specifies if the sensor has to bypass IPS processing for server-to-client flows. | Select an option from the list. |
Process Override | Specifies if the sensor has to execute protocol decoders even without an IDP policy. | Select an option from the list. |
Process Port | Specifies a port on which the sensor executes protocol decoders. | Enter an integer. Range: 0 through 65535. |
IPS FIFO Max Size | Specifies the maximum allocated size of the IPS FIFO. | Enter an integer. Range: 1 through 65535. |
Minimum Log Supercade | Specifies the minimum number of logs to trigger the signature hierarchy feature. | Enter an integer. Range: 0 through 65535. |
Log | ||
Cache Size | Specifies the size in bytes for each user’s log cache. | Enter a value. Range: 1 through 65,535 bytes. |
Disable Suppression | Specifies if the log suppression has to be disabled. | Enable or disable this option. |
Include Destination Address | Specifies to combine log records for events with a matching source address. | Select an option from the list. |
Max Logs Operate | Specifies the maximum number of logs on which log suppression can operate. IDP can operate on 16,384 log records by default. | Enter an integer. Range: 256 through 65,536 records. |
Max Time Report | Specifies the time (seconds) after which suppressed logs will be reported. IDP reports suppressed logs after 5 seconds by default. | Enter an integer. Range: 1 through 60 seconds. |
Start Log | Specifies the number of log occurrences after which log suppression begins. Log suppression begins with the first occurrence by default. | Enter an integer. Range: 1 through 128. |
Reassembler | ||
Ignore Memory Overflow | Specifies if the user has to allow per-flow memory to go out of limit. | Select an option from the list. |
Ignore Reassembly Memory Overflow | Specifies if the user has to allow per-flow reassembly memory to go out of limit. | Select an option from the list. |
Ignore Reassembly Overflow | Specifies the TCP reassembler to ignore the global reassembly overflow to prevent the dropping of application traffic. | Enable or disable this option. |
Max Flow Memory | Specifies the maximum per-flow memory for TCP reassembly in kilobytes. | Enter an integer. Range: 64 through 4,294,967,295 kilobytes. |
Max Packet Memory | Specifies the maximum packet memory for TCP reassembly in kilobytes. | Enter an integer. Range: 64 through 4,294,967,295 kilobytes. |
Max Synacks Queued | Specifies the maximum limit for queuing SYN/ACK packets with different SEQ numbers. | Enter an integer. Range: 0 through 5. |
Packet Log | ||
Max Sessions | Specifies the maximum number of sessions actively conducting pre-attack packet captures on a device at one time. | Enter an integer. Range: 1 through 100 percent. |
Total Memory | Specifies the maximum amount of memory to be allocated to packet capture for the device. | Enter an integer. Range: 1 through 100 percent. |
Detectors | Click + and enter the following fields. | |
Protocol | Specifies the name of the protocol to enable or disable the detector. | Select the name of the protocol from the list. |
Tunable Name | Specifies the name of the tunable parameter to enable or disable the protocol detector for each of the services. | Select the name of the specific tunable parameter from the list. |
Tunable Value | Specifies the value of the tunable parameter to enable or disable the protocol detector for each of the services. | Enter the protocol value of the specific tunable parameter. Range: 0 to 4294967295. |
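
Several settings in Table 231 trade inspection coverage for availability, so a proposed sensor configuration is worth reviewing before it is committed. The following is an added example, not Juniper code: it checks values against ranges from the table and lists the settings that reduce inspection. The dictionary keys are hypothetical names for the J-Web fields, and treating a disabled Drop option as fail-open, and a lower memory threshold above the upper one as an error, are assumptions.

```python
# Added example: audit a proposed sensor configuration against Table 231.
# Keys are hypothetical names for the J-Web fields, not Junos CLI statements.

# (low, high) ranges copied from the Action column of Table 231.
RANGES = {
    "idp_bypass_cpu_threshold": (0, 99),
    "idp_bypass_cpu_tolerance": (1, 99),
    "memory_lower_threshold": (1, 100),
    "memory_upper_threshold": (1, 100),
    "memory_limit_percent": (10, 90),
    "max_logs_operate": (256, 65536),
    "max_time_report": (1, 60),
    "start_log": (1, 128),
}

# Boolean fields and the value at which, reading the table's descriptions,
# less traffic is inspected or uninspected traffic is let through (assumption).
REDUCES_INSPECTION = {
    "idp_bypass": True,                 # new sessions skip IDP above the CPU threshold
    "intelligent_inspection": True,     # IDP processing minimized during overload
    "ignore_regular_expression": True,  # DFA and PCRE matching bypassed
    "process_ignore_server_to_client": True,
    "detect_shellcode": False,
    "drop_on_limit": False,
    "drop_on_failover": False,
    "drop_if_no_policy_loaded": False,
}

def audit_sensor(cfg):
    """Return sorted (severity, field, message) findings for a config dict."""
    findings = []
    for field, (low, high) in RANGES.items():
        value = cfg.get(field)
        if value is not None and not (low <= value <= high):
            findings.append(("error", field, f"{value} outside {low}..{high}"))
    for field, risky in REDUCES_INSPECTION.items():
        if field in cfg and cfg[field] is risky:
            findings.append(("review", field, f"set to {risky}: inspection is reduced"))
    lo, hi = cfg.get("memory_lower_threshold"), cfg.get("memory_upper_threshold")
    if lo is not None and hi is not None and lo > hi:  # assumed relationship
        findings.append(("error", "memory_lower_threshold", f"lower {lo} exceeds upper {hi}"))
    return sorted(findings)

# Constructed sample input, not taken from a real device.
SAMPLE = {
    "idp_bypass": True, "idp_bypass_cpu_threshold": 85, "idp_bypass_cpu_tolerance": 0,
    "memory_lower_threshold": 90, "memory_upper_threshold": 70, "max_time_report": 120,
    "drop_if_no_policy_loaded": False, "detect_shellcode": True, "start_log": 1,
}
```

Calling `audit_sensor(SAMPLE)` returns range errors first and settings to review second, so the output can gate a change request or feed a configuration review checklist.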